General
-
Target
9de6c1837d910fc65a6122ce62191c601b8d46f9d159dbfac58bfb5494674053
-
Size
80KB
-
Sample
250529-rce2zssvew
-
MD5
097577cc927e0c426a52cf4fc1604e6f
-
SHA1
50a2f00722c18473d814349694aec81f05004fa8
-
SHA256
9de6c1837d910fc65a6122ce62191c601b8d46f9d159dbfac58bfb5494674053
-
SHA512
9eb31c4842f73c120be1f8e0da69ae58d9232d78c33ae5d11d13ae29b60e91f49295f727cde467bc0bec05fc720b267fa5b04acf57a38389c8eb28e544d2eda0
-
SSDEEP
1536:uGIINlsPKe9Tdxz2dmn2ja+ZhuB0PUb2l:LehXz2ja+PuiPU8
Static task
static1
Behavioral task
behavioral1
Sample
9de6c1837d910fc65a6122ce62191c601b8d46f9d159dbfac58bfb5494674053.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
9de6c1837d910fc65a6122ce62191c601b8d46f9d159dbfac58bfb5494674053.exe
Resource
win11-20250508-en
Malware Config
Targets
-
-
Target
9de6c1837d910fc65a6122ce62191c601b8d46f9d159dbfac58bfb5494674053
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (4873) files with added filename extension
This suggests ransomware activity, namely encryption of all the files on the system.
-